>Well, not to detract from Mudge's reputation, but there were several
>exploits published in 90-92 dealing with dropping into the console
>monitor/debugger on Suns and poking at various things in memory. This
>is hardly new.

Egads, didn't realize my reputation was on the line <grin>. The article was largely supposed to interest people in FORTH (heck, the cisco decryptor in the article isn't new either - but figured people might be interested in an implementation done in FORTH on a PalmPilot). Oh yes, it was also supposed to remind people of the interplay between hardware and software in many places.

You should see some of the wonderful things that have been done accessing 8051 chips in keyboards to obtain less than laudable ends. Or what of the nice 256 byte buffer available for each key on the programmable keyboards (like the Gateway 2000 models). Wow, what a wonderful way to export/smuggle information that could be. Remap each key to contain 256 bytes worth of code - disconnect the keyboard from the computer and trust the NVRAM to keep the info intact. Get it where you want and plug it back in, typing each key to extract the information. Then the beauty is that you have a working keyboard afterwards.

It was just an added little bonus that one of the examples in the article shows you how to change the ucred structure to give yourself root if you are sitting at the terminal. But then again, if you didn't get root out of it, how much of a Phrack article would it have made ;)

>This is also how you can steal Kerberos tickets and passwords, PGP
>keys, and other assorted goodies if you have physical access to a
>machine someone is using remotely.

Or compromise group kmem in many situations. Heck, who needs physical access? All of your points are completely accurate and I agree with them.

Thanks and cheers,

.mudge
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:21 PDT